Sign-up

ID

VAR-202202-0324


CVE

CVE-2022-20709


TITLE

plural  Cisco Small Business RV  Series router out-of-bounds write vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-005342

DESCRIPTION

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco Small Business RV Series routers contain an out-of-bounds write vulnerability.Information may be tampered with. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within the configuration of the NGINX web server. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored web session tokens, leading to further compromise

Trust: 2.34

sources: NVD: CVE-2022-20709 // JVNDB: JVNDB-2022-005342 // ZDI: ZDI-22-416 // VULMON: CVE-2022-20709

AFFECTED PRODUCTS

vendor:ciscomodel:rv340wscope:lteversion:1.0.03.24

Trust: 1.0

vendor:ciscomodel:rv345pscope:lteversion:1.0.03.24

Trust: 1.0

vendor:ciscomodel:rv340scope:lteversion:1.0.03.24

Trust: 1.0

vendor:ciscomodel:rv345scope:lteversion:1.0.03.24

Trust: 1.0

vendor:シスコシステムズmodel:rv345p dual wan gigabit poe vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv345 dual wan gigabit vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv340w dual wan gigabit wireless-ac vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv340 dual wan gigabit vpn ルータscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv340scope: - version: -

Trust: 0.7

sources: ZDI: ZDI-22-416 // JVNDB: JVNDB-2022-005342 // NVD: CVE-2022-20709

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20709
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20709
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-20709
value: HIGH

Trust: 0.8

ZDI: CVE-2022-20709
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-202202-171
value: HIGH

Trust: 0.6

VULMON: CVE-2022-20709
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-20709
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2022-20709
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20709
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-20709
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2022-20709
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 4.2
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-22-416 // VULMON: CVE-2022-20709 // JVNDB: JVNDB-2022-005342 // CNNVD: CNNVD-202202-171 // NVD: CVE-2022-20709 // NVD: CVE-2022-20709

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-005342 // NVD: CVE-2022-20709

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-171

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202202-171

PATCH

title:cisco-sa-smb-mult-vuln-KA9PK6Durl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D

Trust: 0.8

title:Cisco has issued an update to correct this vulnerability.url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D

Trust: 0.7

title:Cisco Small Business Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=183261

Trust: 0.6

title:Cisco: Cisco Small Business RV Series Routers Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-smb-mult-vuln-KA9PK6D

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: ZDI: ZDI-22-416 // VULMON: CVE-2022-20709 // JVNDB: JVNDB-2022-005342 // CNNVD: CNNVD-202202-171

EXTERNAL IDS

db:NVDid:CVE-2022-20709

Trust: 4.0

db:ZDIid:ZDI-22-416

Trust: 2.4

db:JVNDBid:JVNDB-2022-005342

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-15892

Trust: 0.7

db:CS-HELPid:SB2022020301

Trust: 0.6

db:CNNVDid:CNNVD-202202-171

Trust: 0.6

db:VULMONid:CVE-2022-20709

Trust: 0.1

sources: ZDI: ZDI-22-416 // VULMON: CVE-2022-20709 // JVNDB: JVNDB-2022-005342 // CNNVD: CNNVD-202202-171 // NVD: CVE-2022-20709

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d

Trust: 2.4

url:https://www.zerodayinitiative.com/advisories/zdi-22-416/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-20709

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2022020301

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: ZDI: ZDI-22-416 // VULMON: CVE-2022-20709 // JVNDB: JVNDB-2022-005342 // CNNVD: CNNVD-202202-171 // NVD: CVE-2022-20709

CREDITS

Q. Kaiser from IoT Inspector Research Lab

Trust: 1.3

sources: ZDI: ZDI-22-416 // CNNVD: CNNVD-202202-171

SOURCES

db:ZDIid:ZDI-22-416
db:VULMONid:CVE-2022-20709
db:JVNDBid:JVNDB-2022-005342
db:CNNVDid:CNNVD-202202-171
db:NVDid:CVE-2022-20709

LAST UPDATE DATE

2024-08-14T13:53:35.766000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-22-416date:2022-02-22T00:00:00
db:VULMONid:CVE-2022-20709date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-005342date:2023-05-29T06:45:00
db:CNNVDid:CNNVD-202202-171date:2022-02-23T00:00:00
db:NVDid:CVE-2022-20709date:2023-11-07T03:42:41.540

SOURCES RELEASE DATE

db:ZDIid:ZDI-22-416date:2022-02-22T00:00:00
db:VULMONid:CVE-2022-20709date:2022-02-10T00:00:00
db:JVNDBid:JVNDB-2022-005342date:2023-05-29T00:00:00
db:CNNVDid:CNNVD-202202-171date:2022-02-03T00:00:00
db:NVDid:CVE-2022-20709date:2022-02-10T18:15:09.527